program:
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0xfe, 0x7fff0086}]})
r1 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000240), 0xa2003, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r1, 0xc0184800, &(0x7f0000000100)={0x20004, <r2=>r0})
r3 = syz_open_procfs(0x0, &(0x7f0000000240)='smaps\x00')
read$FUSE(r3, &(0x7f00000009c0)={0x2020}, 0x2020)
r4 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r4, &(0x7f0000000f80)=[{{&(0x7f0000000240)={0xa, 0x4e24, 0x86, @private0={0xfc, 0x0, '\x00', 0x1}, 0x7fffffff}, 0x1c, &(0x7f00000005c0)=[{&(0x7f0000000280)="8a", 0x1}], 0x1}}], 0x1, 0x40000c0)
shutdown(r4, 0x1)
getsockopt$bt_hci(r4, 0x84, 0x81, &(0x7f0000001280)=""/4107, &(0x7f00000000c0)=0x100b)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001680)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x40001}, 0x4040850)
sendmsg$NFT_BATCH(r5, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a48000000030a0fdb00000000000000000a0000050900030073797a30000000000900010073797a310000000014000480080002403cb140bb0800014000000003080005400000000014000000110001"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840)
sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_DELCHAIN={0x2c, 0x5, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0xa}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x2}]}, @NFT_MSG_DELRULE={0x20, 0x8, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x9}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14}}, 0x74}, 0x1, 0x0, 0x0, 0xb0}, 0x20008890)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, &(0x7f0000000000)=""/188)
r6 = syz_open_dev$dri(&(0x7f0000000280), 0x1ff, 0x140)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r6, 0xc00c642e, &(0x7f00000000c0)={<r7=>0x0, 0x0, r2})
ioctl$DRM_IOCTL_GEM_FLINK(r6, 0xc00864d2, &(0x7f0000000300)={r7})

[   74.462024][ T5286] Bluetooth: hci0: command tx timeout
[   74.670511][ T5320] ------------[ cut here ]------------
[   74.672853][ T5320] !RB_EMPTY_ROOT(&prime_fpriv->dmabufs)
[   74.672864][ T5320] WARNING: drivers/gpu/drm/drm_prime.c:224 at drm_prime_destroy_file_private+0x4b/0x60, CPU#0: syz.0.0/5320
[   74.679716][ T5320] Modules linked in:
[   74.681362][ T5320] CPU: 0 UID: 0 PID: 5320 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   74.685074][ T5320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   74.689573][ T5320] RIP: 0010:drm_prime_destroy_file_private+0x4b/0x60
[   74.692622][ T5320] Code: 00 fc ff df 80 3c 08 00 74 08 48 89 df e8 2d c9 c6 fc 48 83 3b 00 75 0c e8 72 fd 59 fc 5b e9 cc e4 41 06 cc e8 66 fd 59 fc 90 <0f> 0b 90 5b e9 bc e4 41 06 cc 66 66 2e 0f 1f 84 00 00 00 00 00 90
[   74.700292][ T5320] RSP: 0018:ffffc9000380fc40 EFLAGS: 00010293
[   74.702834][ T5320] RAX: ffffffff856bd3da RBX: ffff88803c5333b0 RCX: ffff888032a64a00
[   74.706178][ T5320] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff88803c533328
[   74.709312][ T5320] RBP: ffff88803c533278 R08: ffffc9000380fbc7 R09: 1ffff92000701f78
[   74.712215][ T5320] R10: dffffc0000000000 R11: fffff52000701f79 R12: dffffc0000000000
[   74.715281][ T5320] R13: dead000000000100 R14: 0000000000000000 R15: ffff88803c533288
[   74.718354][ T5320] FS:  0000555562890540(0000) GS:ffff88808c881000(0000) knlGS:0000000000000000
[   74.721850][ T5320] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   74.724269][ T5320] CR2: 00007f30d7b86480 CR3: 0000000013393000 CR4: 0000000000352ef0
[   74.727672][ T5320] Call Trace:
[   74.729134][ T5320]  <TASK>
[   74.730592][ T5320]  drm_file_free+0x7f1/0xa00
[   74.732599][ T5320]  drm_release+0x2de/0x3f0
[   74.734624][ T5320]  ? __pfx_drm_release+0x10/0x10
[   74.736867][ T5320]  __fput+0x44f/0xa60
[   74.738704][ T5320]  task_work_run+0x1d9/0x270
[   74.740892][ T5320]  ? __pfx_task_work_run+0x10/0x10
[   74.743125][ T5320]  exit_to_user_mode_loop+0xf3/0x4d0
[   74.745448][ T5320]  ? rcu_is_watching+0x15/0xb0
[   74.747601][ T5320]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.750416][ T5320]  do_syscall_64+0x33e/0xf80
[   74.752532][ T5320]  ? clear_bhb_loop+0x40/0x90
[   74.754568][ T5320]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.757297][ T5320] RIP: 0033:0x7f30d7b9ce59
[   74.759376][ T5320] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   74.767464][ T5320] RSP: 002b:00007fff5c23eb18 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[   74.773740][ T5320] RAX: 0000000000000000 RBX: 00007f30d7e17da0 RCX: 00007f30d7b9ce59
[   74.777133][ T5320] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[   74.780926][ T5320] RBP: 00007f30d7e17da0 R08: 00007f30d7e16128 R09: 0000000000000000
[   74.784215][ T5320] R10: 0000000000de9410 R11: 0000000000000246 R12: 00000000000124e4
[   74.787561][ T5320] R13: 00007f30d7e15fac R14: 0000000000012275 R15: 00007f30d7e15fa0
[   74.791012][ T5320]  </TASK>
[   74.792391][ T5320] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   74.795574][ T5320] CPU: 0 UID: 0 PID: 5320 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   74.799442][ T5320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   74.803500][ T5320] Call Trace:
[   74.804891][ T5320]  <TASK>
[   74.806126][ T5320]  vpanic+0x56c/0xa60
[   74.807850][ T5320]  ? __pfx__printk+0x10/0x10
[   74.809793][ T5320]  ? __pfx_vpanic+0x10/0x10
[   74.811759][ T5320]  ? is_bpf_text_address+0x292/0x2b0
[   74.813887][ T5320]  ? is_bpf_text_address+0x26/0x2b0
[   74.815974][ T5320]  panic+0xc5/0xd0
[   74.817484][ T5320]  ? __pfx_panic+0x10/0x10
[   74.819349][ T5320]  __warn+0x315/0x4c0
[   74.821042][ T5320]  ? drm_prime_destroy_file_private+0x4b/0x60
[   74.823616][ T5320]  ? drm_prime_destroy_file_private+0x4b/0x60
[   74.826015][ T5320]  __report_bug+0x29a/0x540
[   74.827972][ T5320]  ? drm_prime_destroy_file_private+0x4b/0x60
[   74.830520][ T5320]  ? __pfx___report_bug+0x10/0x10
[   74.832549][ T5320]  ? drm_file_free+0x78a/0xa00
[   74.834462][ T5320]  ? drm_prime_destroy_file_private+0x4b/0x60
[   74.836892][ T5320]  report_bug+0x16a/0x220
[   74.838706][ T5320]  ? drm_prime_destroy_file_private+0x4b/0x60
[   74.841210][ T5320]  ? drm_prime_destroy_file_private+0x4d/0x60
[   74.843656][ T5320]  handle_bug+0x9c/0x200
[   74.845469][ T5320]  exc_invalid_op+0x1a/0x50
[   74.847498][ T5320]  asm_exc_invalid_op+0x1a/0x20
[   74.849558][ T5320] RIP: 0010:drm_prime_destroy_file_private+0x4b/0x60
[   74.852273][ T5320] Code: 00 fc ff df 80 3c 08 00 74 08 48 89 df e8 2d c9 c6 fc 48 83 3b 00 75 0c e8 72 fd 59 fc 5b e9 cc e4 41 06 cc e8 66 fd 59 fc 90 <0f> 0b 90 5b e9 bc e4 41 06 cc 66 66 2e 0f 1f 84 00 00 00 00 00 90
[   74.860264][ T5320] RSP: 0018:ffffc9000380fc40 EFLAGS: 00010293
[   74.862812][ T5320] RAX: ffffffff856bd3da RBX: ffff88803c5333b0 RCX: ffff888032a64a00
[   74.866010][ T5320] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff88803c533328
[   74.869184][ T5320] RBP: ffff88803c533278 R08: ffffc9000380fbc7 R09: 1ffff92000701f78
[   74.872340][ T5320] R10: dffffc0000000000 R11: fffff52000701f79 R12: dffffc0000000000
[   74.875524][ T5320] R13: dead000000000100 R14: 0000000000000000 R15: ffff88803c533288
[   74.878857][ T5320]  ? drm_prime_destroy_file_private+0x4a/0x60
[   74.881401][ T5320]  drm_file_free+0x7f1/0xa00
[   74.883401][ T5320]  drm_release+0x2de/0x3f0
[   74.885268][ T5320]  ? __pfx_drm_release+0x10/0x10
[   74.887248][ T5320]  __fput+0x44f/0xa60
[   74.888990][ T5320]  task_work_run+0x1d9/0x270
[   74.890820][ T5320]  ? __pfx_task_work_run+0x10/0x10
[   74.892984][ T5320]  exit_to_user_mode_loop+0xf3/0x4d0
[   74.895222][ T5320]  ? rcu_is_watching+0x15/0xb0
[   74.897198][ T5320]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.899724][ T5320]  do_syscall_64+0x33e/0xf80
[   74.901709][ T5320]  ? clear_bhb_loop+0x40/0x90
[   74.903559][ T5320]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.905867][ T5320] RIP: 0033:0x7f30d7b9ce59
[   74.907636][ T5320] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   74.914693][ T5320] RSP: 002b:00007fff5c23eb18 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[   74.918291][ T5320] RAX: 0000000000000000 RBX: 00007f30d7e17da0 RCX: 00007f30d7b9ce59
[   74.921589][ T5320] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[   74.924701][ T5320] RBP: 00007f30d7e17da0 R08: 00007f30d7e16128 R09: 0000000000000000
[   74.927973][ T5320] R10: 0000000000de9410 R11: 0000000000000246 R12: 00000000000124e4
[   74.931221][ T5320] R13: 00007f30d7e15fac R14: 0000000000012275 R15: 00007f30d7e15fa0
[   74.934527][ T5320]  </TASK>
[   74.936261][ T5320] Kernel Offset: disabled
[   74.938182][ T5320] Rebooting in 86400 seconds..